officecli-docx

Fail

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: HIGH; REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructions direct the agent to install the officecli utility by downloading and executing scripts directly from a remote GitHub repository using curl | bash and irm | iex. This method of installation executes unverified code from the internet and is a high-risk pattern.
  • [COMMAND_EXECUTION]: The skill utilizes the officecli tool to interact with the local file system and perform complex operations on .docx files, including structure modification and raw XML injection.
  • [PROMPT_INJECTION]: An indirect prompt injection surface is present because the skill extracts and processes text from external Word documents.
      • Ingestion points: Document content is read into the agent's context using the view text, view annotated, and get commands.
      • Boundary markers: There are no delimiters or instructions to the agent to disregard instructions that may be embedded within the document content.
      • Capability inventory: The skill has the ability to write to the file system and modify document internals via the officecli tool.
      • Sanitization: Extracted document content is processed directly without filtering or sanitization.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/iOfficeAI/OfficeCLI/main/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 26, 2026, 04:05 PM